Method and system for dynamic risk assessment of software systems
Abstract
A method and system for assessing risks associated with software systems include the steps of dynamically retrieving, from a plurality of external database systems, a set of risk factor data associated with the components of the software systems, and determining risk values of the components, respectively, based on a predefined risk model and the retrieved risk factor data. The retrieved risk factor data represents a multi-dimensional view of the potential risks associated with the components, and may include two or more of code complexities, architectural relationships, fault histories, development activities, designer profiles, component contention, and/or usage profiles of the software components. The risk model includes a set of risk relations that associate the retrieved risk factor data with the risk values of the components. The risk relations may be defined by correlating historical risk factor data with actual risk measurements of the components using statistical or other quantitative methods. Alternatively, the risk relations may be defined by a set of rules, which associate the retrieved risk factor data with the risk values of the components.
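The rule-based variant of the risk model described in the abstract, sketched as an added example that is not taken from the patent. The factor names follow the abstract; the source names, sample data, rules, point values, thresholds and the two-factor minimum are all constructed assumptions.

```python
# Added illustration: rule-based risk relations over merged risk-factor data.
# Rules, point values, thresholds and source names are assumptions.

# Constructed sample data standing in for three external databases.
SOURCES = {
    "metrics_db": {"parser": {"code_complexity": 42}, "logger": {"code_complexity": 6}},
    "defect_db": {"parser": {"fault_history": 9}, "logger": {"fault_history": 0},
                  "auth": {"fault_history": 6}},
    "vcs_db": {"parser": {"development_activity": 31}, "auth": {"development_activity": 3},
               "ui": {"development_activity": 12}},
}

# Risk relations as rules: (factor, limit, points added when value >= limit).
RULES = [
    ("code_complexity", 20, 3),
    ("fault_history", 5, 4),
    ("fault_history", 1, 1),
    ("development_activity", 25, 2),
]
MAX_POINTS = sum(points for _, _, points in RULES)
# Rating = first floor the normalised risk value reaches, highest floor first.
THRESHOLDS = [(0.6, "high"), (0.2, "medium"), (0.0, "low")]


def retrieve(sources):
    """Merge per-source records into one multi-factor view per component."""
    merged = {}
    for records in sources.values():
        for component, factors in records.items():
            merged.setdefault(component, {}).update(factors)
    return merged


def risk_value(factors):
    """Sum the points of every rule that fires; missing factors add nothing."""
    points = sum(p for f, limit, p in RULES if factors.get(f, 0) >= limit)
    return points / MAX_POINTS


def assess(sources, min_factors=2):
    """Return {component: (risk value, rating)}; assumed minimum of two factors."""
    report = {}
    for component, factors in retrieve(sources).items():
        if len(factors) < min_factors:
            report[component] = (None, "insufficient data")
            continue
        value = risk_value(factors)
        rating = next(label for floor, label in THRESHOLDS if value >= floor)
        report[component] = (round(value, 2), rating)
    return report
```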
8 Claims
1. A method for assessing risks associated with components in a software system, said method comprising the steps of:
identifying a set of risk factors associated with the components, wherein the risk factors include two or more of code complexities, architectural relationships, fault histories, development activities, designer profiles, component contention, and usage profiles of the software components;
defining a risk model based on the identified set of risk factors for determining risk values of the components, respectively, wherein the risk model comprises a set of risk relations that associate the set of risk factors with risk values of the components;
dynamically retrieving, from a plurality of external databases, data associated with the set of risk factors; and
determining the risk values of the components, respectively, by inputting into the risk model the retrieved data.
Dependent claims: 2, 3
determining a set of risk ratings associated with the components by comparing the determined risk values with a set of pre-determined thresholds, respectively.
3. The method of claim 1, wherein said retrieving step comprises the steps of:
monitoring a set of pre-defined events that correspond to modifications of the external databases;
identifying the data that is modified in the external databases; and
transferring the modified data into an internal database.
4. A system for assessing risks associated with components in a software system, comprising:
a memory including:
a data retriever program for dynamically retrieving, from a plurality of external databases, risk factor data that includes two or more of code complexities, architectural relationships, fault histories, development activities, designer profiles, and usage profiles of the components;
a risk analyzer program for determining risk values of the components based on the dynamically retrieved data and a pre-defined risk model, wherein the risk model comprises a set of risk relations that associate the retrieved risk factor data with the risk values of the components; and
a processor for running the data retriever program and the risk analyzer program.
5. A method for assessing risks associated with components in a software system, said method comprising the steps of:
dynamically retrieving, from a plurality of external databases, risk factor data associated with the components, wherein the risk factor data includes two or more of code complexities, architectural relationships, fault histories, development activities, designer profiles, component contention, and usage profiles of the software components; and
determining risk values of the components, respectively, based on a predefined risk model and the retrieved risk factor data, wherein the risk model comprises a set of risk relations that associate the retrieved risk factor data with the risk values of the components.
Dependent claims: 6, 7
determining a set of risk ratings associated with the components by comparing the determined probabilities with a set of pre-determined thresholds, respectively.
7. The method of claim 5, wherein said retrieving step comprises the steps of:
monitoring a set of pre-defined events that correspond to modifications of the external databases;
identifying the risk factor data that is modified in the external databases; and
transferring the modified risk factor data into an internal database.
8. A computer-readable medium capable of configuring a computer to perform a method for assessing risks associated with components in a software system, said method comprising the steps of:
dynamically retrieving, from a plurality of external databases, risk factor data associated with the components, wherein the risk factor data includes two or more of code complexities, architectural relationships, fault histories, development activities, designer profiles, component contention, and usage profiles of the software components; and
determining risk values of the components, respectively, based on a predefined risk model and the retrieved risk factor data, wherein the risk model comprises a set of risk relations that associate the retrieved risk factor data with the risk values of the components.
Specification